The Industrial Internet Consortium (IIC) has announced the Security Maturity Model (SMM) Practitioner’s Guide. The guide provides detailed guidance to assist IoT stakeholders in assessing and managing the security maturity of IoT systems.

Accompanying the guide’s publication is an update to the IoT SMM Description and Intended Use White Paper, which introduces readers to the concepts and approach of the SMM. It has been updated for consistency with the SMM Practitioner’s Guide and includes updated terminology and diagrams.

The SMM helps organizations address security concerns and threat risks with a structured top-down approach to goal setting and security assessment, thereby giving organizations the ability to trade off investment against risk.

“This is the first model of its kind to assess the maturity of organizations’ IoT systems in a way that includes governance, technology and system management,” said Stephen Mellor, CTO, IIC. “Other models address part of what is addressed by the SMM: they may address a particular industry, IoT but not security, or security but not IoT. The SMM covers all these aspects and points to parts of existing models, where appropriate, to recognize existing work and avoid duplication.”

The SMM builds on concepts from the IIC Industrial Internet Security Framework from 2016. It defines specific levels of security maturity that companies should achieve. Companies can improve their security by continually assessing it and making improvements over time.

The practitioner’s guide highlights three case studies that illustrate to IoT stakeholders how to apply the maturity assessment process and how the SMM can be applied in practice. The case studies include a data-driven bottling line, an automotive gateway, and residential security cameras.

The IIC designed the SMM to be extended for industry and system-specific requirements. The IIC is collaborating with various industry groups to develop industry profiles that extend the model.